fb714393f3d8690326f985a1420fc348_JaffaCakes118 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

fb714393f3d8690326f985a1420fc348_JaffaCakes118
Size

37KB
MD5

fb714393f3d8690326f985a1420fc348
SHA1

fdf34940cc578d8e4efe686c07659c138e757e56
SHA256

f3bfc8332808593728f218baca39a2e0b77f771848c8449fe9d16c55e7f5038d
SHA512

db5618d91a36f4a9c4c3f42d49b10af69d7b02bbdc68134535a5d5994ad49c893934c3f8f92daa4395f08ca43d7814f3bba1b789c538b9bfdc461b3ba144ff0b
SSDEEP

768:A4t5skHbr6vSyy7V4t5skHbr6vSyy7Dhbn725KGEUjF:psQbr+Ty7isQbr+Ty7DC3jF

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ek.exe
unpack001/neko.exe
unpack001/yt.exe

Files

fb714393f3d8690326f985a1420fc348_JaffaCakes118
.rar
ek.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
neko.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
yt.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE